New Intel guidance confirms hundreds of older chips will not receive the latest Spectre microcode patch, while the newly announced Core i9 CPU will have the Spectre fix by default.

A new guidance report shows the development of Intel microcode patches for Spectre and Meltdown to be “stopped” for approximately 12 different CPU families, covering more than 230 processor models. Intel attributed the halt to a combination of factors: “micro-architectural characteristics” of the CPUs that prevent the implementation of a patch, limited software support for the devices, and a potentially lower likelihood of exposure for the affected systems.

Intel asserts that customers generally use the affected chips in “closed systems”, which would not be at risk from the Meltdown and Spectre malware that has been seen in the wild.

The CPUs not scheduled to receive the Spectre Intel microcode patch for variant 2 of the vulnerability are generally older — most released between 2007 and 2011 — but the age of the chips doesn’t appear to be a deciding factor. Previous patches for variant 2 of Spectre, which involves branch target injection, were pulled earlier this year after customers reported reboot issues. Five other Intel CPU families originally released in 2009 and 2010 — Arrandale, Clarkdale, Lynnfield, Nehalem, and Westmere — do have Spectre patches in production, according to the guidance.

“We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero,” an Intel spokesperson told SearchSecurity. “However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.”

Coffee Lake and future Spectre mitigations

In addition to working on the Spectre microcode patch for older CPUs, Intel has been ensuring new chips are protected as well. On April 3rd, Intel announced the 8th generation of Core i9 CPUs — Coffee Lake — which will ship with Spectre mitigations.

The new Coffee Lake chips will ship with software and firmware updates to mitigate Spectre and Meltdown, but a source close to Intel said these protections are similar to the previous microcode patches and are not to be confused with the hardware-level changes in forthcoming CPUs that protect against Spectre and Meltdown attacks.

Those CPUs are not due to be released until the second half of 2018 and will include hardware changes to mitigate variant 2 of Spectre. They will still require a Spectre microcode patch to protect against variant 1 of the vulnerability.